While you may think your personal information is actually personal you’d be surprised how much information about you winds up online. Just do a search for yourself on Pipl, a people search directory, to see the personal details out there. (Go on, we’ll wait.) Chances are the search came up with your name, social media profiles and possibly even your parents’ names, address and telephone number too.

Pipl isn’t some secret hacker database. It’s just a repository of publicly available online data about individuals, all of which businesses and advertisers are eager to get their hands on. That’s right: this sort of data collection is completely legitimate, and a lot of it is pulled from information you put online.

Whether you’re worried about identity theft or you just don’t like the idea of other people tracking your every move, there are steps you can take to keep your private data private.

1. Password-protect everything.

You may not think it’s necessary to password-protect your home computer, but all your digital devices should be password-protected. That includes your computers, tablets, smartphones and anything other gadgets with personal data on them. If it’s unsecured by a password, a lost or stolen gadget is a source of personal information for whoever has it, which can lead to identity theft and worse.

The same advice goes for online accounts. Since most of these need a password to set up, the challenge is making strong passwords. Use our tips for strong passwords to be sure yours is a good one. Don’t use the same password for more than one site, because one hacked account could result in all your accounts being compromised. To help you remember all of these passwords, use a password manager such as LastPass or RoboForm.

Turn on two-factor authentication for any site that supports it, which protects your account even if a hacker does get your password. And those security questions designed to help you recover a lost password or forgotten user name? They aren’t very secure, because some of them are very easy for hackers to find out. We recommend making up answers instead and keeping that information in your password manager.

Change the default passwords for anything connected to your home network. Your router is the most important device to secure, because your router could give a hacker complete access to your home network. Don’t forget other connected devices like baby monitors.

2. Keep your computer virus-free.

Digital security has a lot to do with digital privacy. If your computer is infected by a virus or malware, not only can hackers dig through your data to steal your identity, but they may lock up your files and ask for a ransom to get them back. The solution? Run an antivirus program to watch for viruses, and keep your other software up to date to close security holes. This applies not only to your computer but your mobile devices as well.

Our favorite antivirus is Webroot, which offers protection for Windows, Apple and Android devices. If you’d rather use a free app, try Avast. It doesn’t have as many features as Webroot, but it’s a solid antivirus scanner, and the price is certainly right.

Make sure your operating system is up to date with the latest security patches. To make that process easier, we recommend turning on auto-update features. Here’s how:

MacOS automatically checks for updates by default, but you can check manuallywith these instructions.

Android typically notifies you of updates, but you’ll need to install them manually. Instructions will vary depending on your device and the version of Android you’re currently running; check with your device manufacturer for details.

3. Secure your browser.

Your browser is how you interact with the digital world, and if you aren’t careful, you could be leaving a trail of footprints behind you as you browse. Whether it’s websites and marketers tracking you or a hacker spying on what you’re doing, there are ways to keep your browsing habits private.

The first step for keeping advertisers out of your browser is turning off third-party cookies. Advertisers use cookies to see where you’ve been and tailor the ads they show you appropriately. Here’s how to block cookies in Chrome, Edge, Internet Explorer, Firefox and Safari.

To go a step farther, you can disable JavaScript. This cuts off another common way advertisers (or hackers) track you, but it can render some web pages nonfunctional. If you want to turn JavaScript off anyway, here’s how to do it in Chrome, Edge, Internet Explorer, Firefox and Safari.

Don’t want to worry about any of this? Try the Privacy Badger browser plug-in for Chrome, Firefox and Opera, which shuts down many potential trackers automatically. HTTPS Everywhere is another good browser plug-in that forces your browser to use secure, encrypted sites when they’re available, which helps keep snoops out of your data.

4. Switch search engines.

Most search engines keep tabs on what you’re looking for so they can target ads to your tastes. If you don’t like the idea of your search history being used to sell you things, DuckDuckGo is the search engine for you. The site doesn’t track any of your personal data, so you can search without anyone watching over your shoulder.

5. Be careful what you share on social media.

Social media can feel like a conversation with your closest friends — except it may be a conversation the whole world can see. If you post enough on social media, the information can be used to track where you are and what you’re up to.

The first line of defense is to lock down your social media accounts. Share only with the people you want to see the information you’re sharing, like your friends and family. On Twitter, your account is either completely open or locked down to people you invite to follow you; changing that setting is as easy as clicking a checkbox. Facebook allows more granular control over who sees what you post. ReadHow to Keep Facebook Privacy Private to configure your profile.

Don’t want to lock down your account? Then be choosy about what you share. Take special care with personal information that could be used to identify you or track your location. Don’t fill out your complete profile in order to prevent being easily identified or to give someone enough personal details to steal your identity. Consider dialing down what you share. Do you really need to check in to every business you visit, making yourself easy to track? Maybe not.

6. Ask why others need your information.

Whenever you’re asked to provide personal information, whether in person, on the phone or online, consider whether you really need to give it out. Sometimes information like your email address and ZIP code is used purely for marketing purposes; in that case, expect your real and virtual mailboxes to be packed with junk mail.

To maintain your privacy, never give away more information than you have to. This is doubly true of sensitive personal information like your social security number — even just the last four digits. Unless it’s your bank, a credit bureau, a company that wants to do a background check on you or some other entity that has to report to the IRS, chances are they don’t really need it.

7. Don’t fall for scams.

Beware of websites, phone calls and emails that try to part you from your personal information. Scammers are getting better at mimicking legitimate businesses, so be on your guard. A common tactic with scammers is to pressure you into giving up your personal information by presenting dire consequences if you don’t. For example, a scammer may tell you that you’re being audited by the IRS or that your computer has a dangerous virus they can fix if you hand over your personal information.

These high-pressure tactics can spook you into giving up plenty of personal details, but don’t be fooled. Legitimate businesses don’t make unsolicited calls to ask for your social security number or computer password. If you’ve received a call or email like this you think may be legitimate, contact the business it claims to be from. Don’t use the link or phone number provided by whoever contacted you; instead, contact the company directly using contact information you personally look up on the company’s website. If the matter is legitimate, the company will confirm so and help you resolve the issue while making sure your personal information stays safe.

8. Only use software you trust.

Whether you’re installing new software on your phone or your computer, make sure you’re getting it from a source you trust. Legitimate-looking software can sometimes turn out to be a complete scam, like the scandal over the Meitu photo app, which collects a mountain of data on its users. Make sure anything you download comes from a trusted developer and a trusted source.

If you don’t know where your software comes from, you don’t know what it’s really doing — and that means there’s no telling where your information is going.

9. Only use secure Wi-Fi connections.

Sure, it’s convenient to use the free Wi-Fi service at your local Starbucks, but there’s no telling who is watching that internet traffic. If you use public Wi-Fi, don’t use it to convey private information. Browsing your favorite website is fine, but take extra security measures if you’re logging into an account. Use a VPN service to encrypt all of the data you send. There are many services that can do this, including NordVPN and Buffered VPN. VPN services charge a fee to use, from day passes to year-round protection.